Payment Liability Shifts: Understanding and Preparing for Them

The payment ecosystem is notoriously complex.

And nowhere is this more apparent than when it comes to issuing chargebacks. Who should do it? Why?

As we will see, with liability shifts, the answer isn’t always straightforward. Let’s shed a light on things below.

What Is a Payment Liability Shift?

A payment liability shift happens when new rules or regulations update who is responsible for issuing a chargeback.

Chargeback requests often lead to refunds, which is why neither merchants nor card issuers want to absorb the losses. The liability falls on different participants depending on the payment scenario, the technology used, and the security measures put in place.

The chargeback regulations are designed to improve the security of payments in both card-present and card-not-present (CNP) scenarios. Stakeholders will attempt to minimize risk by enforcing the use of security technologies, such as EMV chips or 3-D Secure. 

The critical point to understand is that every time a new payment regulation comes into place, you can expect the liability of issuing chargeback refunds to shift. The responsibility to pay the chargeback will fall on whomever is considered the weakest point in the long and complex payment chain.

History of Known Payment Liability Shifts

Throughout the history of online payments, the responsibility for processing chargebacks has been passed back and forth between card issuers and merchants – whether those chargebacks come from fraudulent payments or not.

Let’s look at a few key dates:

• In 1974, the Fair Credit Billing Act introduced the concept of chargebacks, which were always to be processed by the issuing bank.
  
• Between 1993 and 2015, EMV chips were expected to secure transactions, and the liability fell on the merchants to issue chargebacks.
  
• 2021 SCA and 3DS regulations allowed merchants to prove that they had deployed appropriate security measures, whereupon the liability would fall back on the issuer. 

Let’s break down the two fundamental liability changes in more detail below.

What Is the EMV Liability Shift?

The EMV liability shift was a noteworthy change in the rules that covered payment terminals between 2015 and 2021. 

Before the deployment of EMV chips, which generate a new authentication code for each transaction, these point-of-sale debit and credit card payments were deemed risky. Europay, Mastercard, and Visa worked together to increase the security of these payment channels, which shifted liability onto the merchant in case of a chargeback refund.

Here are examples of some of the rules put in place:

• The acquirer became liable for counterfeit card transactions if the card used a magnetic stripe.
  
• The acquirer became liable for lost or stolen card transactions if the card had an EMV chip but the terminal had no PIN verification enabled.

The idea was to be more strict about the specific situations where merchants, issuers or acquirers had to take care of the chargeback.

What Is the 3DS Liability Shift?

Another liability shift happened during the launch of the Strong Customer Authentication (SCA) regulation, part of the EU’s PSD2 directive from 2015. 

It encouraged the deployment of the 3-D Secure protocol, designed to improve the security of online card payments. 

A direct consequence of 3DS was that the chargeback liability shifted back to the acquirer. While there are concerns about the added friction for the customer, the extra authentication step is shown to reduce risk for the merchant. 

Note that effective from October 2021, 3-D Secure was updated to a second version. This does not affect the last liability shift. 

The European Commission is also in the early stages of a new update to the regulation, PSD3.

Who Is the Party Liable for Fraud Today?

At the moment, there is no single answer. The liable party for a fraudulent payment depends entirely on the payment use case or method used.

As a merchant, you will want to study the above table to better understand and promote those methods that allow you to risk the least.

If the liable party is the card issuer, this means the merchant is less likely to face issues down the line.

For example, you can see that without 3-D Secure, it’s the merchant who becomes liable for online payments using a stolen card. However, 3-D Secure also introduces friction – so it’s a balancing act.

How to Prepare for a Payment Liability Shift

What will the next liability shift be? There is no way to tell. However, whether you are a payment provider or a merchant – or anyone accepting online card payments, for that matter – the key is to be prepared.

And being prepared in the CNP space means one thing: understanding and reducing fraud and chargebacks. 

Here are a few strategies to put in place today:

1. Improve your communication: Whether it’s by working on better product descriptions, editing your T&Cs, or accelerating customer support, you should aim to prevent as much miscommunication as possible that could lead to a chargeback request.
   
2. Deploy fraud prevention software: By gaining more information about your users and transactions, you can instantly block suspicious payments, which will reduce chargebacks in the long run.
   
3. Monitor the signup, login, and purchase stages: Looking at transaction data is great. Ensuring you flag fraudsters as they register or log into your site using someone else’s account is just as important.
   
4. Encourage refunds instead of chargebacks: Though in an ideal world, you would face neither, keep in mind that a refund is much better than a chargeback, as it costs a merchant less. Make yourself easier to reach and communicate this to your customer base.
   
5. Maintain good relationships with payment partners: Reducing chargeback rates isn’t just great for your bottom line. It also helps stay in the good books of payment service providers, payment gateways, and issuing banks.
   
6. Understand customer behavior: You can use data to look at how customers behave as they navigate your store and complete a transaction. In the fraud prevention world, this is monitored via velocity rules, which allow you to flag suspicious behavior before the payment goes through, and sometimes even before authentication or account creation.
   
7. Deploy machine learning: If you can’t catch all the fraudsters or suspicious behavior that leads to chargeback requests, an AI might. With machine learning, you benefit from an overwhelming computing power to process all the payment and user data and suggest where risk may lie.

So, how much are chargebacks likely to be costing you today? Use the calculator below to get an estimate.

How SEON Helps Prevent Chargebacks and Transaction Fraud

SEON combines multiple data enrichment modules to gain as much information as possible about a customer and transaction without adding friction.

This includes an innovative device fingerprinting solution that captures hundreds of parameters, allowing you to get a better idea of who is paying for the transaction – and especially who is trying to pay using suspicious configurations of software and hardware.

All this data is fed through risk rules, which allow you to get a concrete idea of how likely you are to deal with chargeback fraud or even first-party fraud. The system then lets you automatically approve or decline the transaction, or flag it for manual review.

SEON also allows you to deploy two powerful machine learning modules to analyze your transaction and user data, as well as suggest risk rules that are relevant to your business only. 

All of the above is available via easy-to-integrate granular reporting, REST APIs, pay-per-call pricing, and outstanding support and documentation – as well as an end-to-end platform, for those who prefer a holistic solution.

FAQ